Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 6:0 p.m.3 views

CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

2.1CVSS5.9AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:0 p.m.16 views

CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

2.1CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 1:49 p.m.20 views

CVE-2025-14507

CVE-2025-14507 — EventPrime for WordPress suffers unauthenticated sensitive information exposure via the REST API in all versions up to and including 4.2.7.0. Unauthenticated attackers could exfiltrate booking data (user names, emails, ticket details, payment information, and order keys) when the...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.8 views

CVE-2020-10100

An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...

6.5CVSS6.7AI score0.00898EPSS
Exploits0References1
Prion
Prion
added 2020/03/05 1:15 a.m.13 views

Design/Logic Flaw

An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...

4CVSS6.3AI score0.00898EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2002/10/04 4:0 a.m.18 views

CVE-2002-0931

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a 1 Title or 2 Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the 3...

7.5CVSS6.9AI score0.03073EPSS
Exploits1References5
Rows per page
Query Builder